News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

Inside synbolic debug?

Started by Crosscross, April 21, 2007, 03:06:01 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Crosscross

April 21, 2007, 03:06:01 PM
first please don't mind my poor chinese english if you had trouble undestanding it. i just wanna understand sth in what i think depth.

i had learn .asm  for some time,and i had tried some methods to debug symbolic variables, but i dont know how masm and link worked with it,when i disassembly it i just see  a great many of int 3 instructions. thank you !

masmgod

#1
April 22, 2007, 11:59:51 AM
What is happening here is that the linker is being used in incremental mode

What this means is to keep link times down on subsequent builds a lot of padding is put in between proceedures by the linker so should a proceedure be changed then only that proceedure will need linking into the executable rather than the whole program.

Now the padding that is used is opcode CC which is our int 3 instruction.

The Int 3 instruction is what generates our debug exceptions so the debugger can break into an executable image.

Int 3 was chosen as padding because if we have done something wrong in our program and in assembly this is possible we can jmp or call to the memory location that has our padding and a debug exception is generated if we had used any 8 bit number in our padding the program can run forever with disastrous consequences

If we want to get rid of the padding just turn incremental linking off

Hope this helps

Vortex

#2
April 22, 2007, 12:49:37 PM
Code Select
\masm32\bin\ml /c /coff /Zi /Zd Msgbox.asm
\masm32\bin\link /SUBSYSTEM:WINDOWS /DEBUG /DEBUGTYPE:CV Msgbox.obj

dsouza123

#3
April 22, 2007, 01:29:57 PM
To do symbolic debugging two things are required,
a symbolic (source level) debugger
and the program  progname.exe to be instrumented
to contain the variable names and types,
aka a debug version, for which Vortex provided settings,
for both the assembler and linker.

Disassembling a debug version (unless using an advanced symbolic disassembler)
wont help you much, in fact the original source is the best source of symbolic code.

Vortex

#4
April 22, 2007, 05:42:57 PM
A good symbolic debugger : Ollydbg

http://www.ollydbg.de

QuoteOllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.

Crosscross

#5
April 26, 2007, 10:56:52 AM
Many thanks !
I begain to think if i can get more infomation if i trace the debuger,or the program built for debug.
Print
Go Up Pages1
User actions